UNDERTAKINGS OF THE DEPARTMENT OF HOMELAND SECURITY BUREAU OF CUSTOMS AND BORDER PROTECTION (CBP)

Size: px
Start display at page:

Download "UNDERTAKINGS OF THE DEPARTMENT OF HOMELAND SECURITY BUREAU OF CUSTOMS AND BORDER PROTECTION (CBP)"

Transcription

1 UNDERTAKINGS OF THE DEPARTMENT OF HOMELAND SECURITY BUREAU OF CUSTOMS AND BORDER PROTECTION (CBP) In support of the plan of the European Commission (Commission) to exercise the powers conferred on it by Article 25(6) of Directive 95/46/EC (the Directive) and to adopt a decision recognizing the Department of Homeland Security Bureau of Customs and Border Protection (CBP) as providing adequate protection for the purposes of air carrier transfers of Passenger 1 Name Record (PNR) data which may fall within the scope of the Directive, CBP undertakes as follows: Legal Authority to Obtain PNR 1) By legal statute (title 49, United States Code, section 44909(c)(3)) and its implementing (interim) regulations (title 19, Code of Federal Regulations, section b), each air carrier operating passenger flights in foreign air transportation to or from the United States, must provide CBP (formerly, the U.S. Customs Service) with electronic access to PNR data to the extent it is collected and contained in the air carrier's automated reservation/departure control systems ("reservation systems"); Use of PNR Data by CBP 2) Most data elements contained in PNR data can be obtained by CBP upon examining a data subject's airline ticket and other travel documents pursuant to its normal border control authority, but the ability to receive this data electronically will significantly enhance CBP's ability to facilitate bona fide travel and conduct efficient and effective advance risk assessment of passengers; 3) PNR data is used by CBP strictly for purposes of preventing and combating: 1) terrorism and related crimes; 2) other serious crimes, including organized crime, that are transnational in nature; and 3) flight from warrants or custody for the crimes described above. Use of PNR data for these purposes permits CBP to focus its resources on high risk concerns, thereby facilitating and safeguarding bona fide travel; Data Requirements 4) Data elements which CBP requires are listed herein at Attachment "A". (Such identified elements are hereinafter referred to as PNR for purposes of these Undertakings). Although CBP requires access to each of those thirty-four (34) data elements listed in Attachment "A", CBP believes that it will be rare that an individual PNR will include a full set of the identified data. In those instances where the PNR does not include a full set of the identified data, CBP will not seek direct access from the air carrier's reservation system to other PNR data which are not listed on Attachment "A"; 5) With respect to the data elements identified as "OSI" and "SSI/SSR" (commonly referred to as general remarks and open fields), CBP's automated system will search those fields for any of the other data elements identified in Attachment "A". CBP personnel will not be authorized to manually review the full OSI and SSI/SSR fields 1 For the purposes of these Undertakings, the terms "passenger" and "passengers" shall include crew members.

2 unless the individual that is the subject of a PNR has been identified by CBP as high risk in relation to any of the purposes identified in paragraph 3 hereof; 6) Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels, including through the use of mutual legal assistance channels where appropriate, and only for the purposes set forth in paragraph 3 hereof. For example, if a credit card number is listed in a PNR, transaction information linked to that account may be sought, pursuant to lawful process, such as a subpoena issued by a grand jury or a court order, or as otherwise authorized by law. In addition, access to records related to accounts derived from a PNR will follow U.S. statutory requirements for subpoenas, court orders, warrants, and other processes as authorized by law, depending on the type of information being sought; 7) CBP will consult with the European Commission regarding revision of the required PNR data elements (Attachment A ), prior to effecting any such revision, if CBP becomes aware of additional PNR fields that airlines may add to their systems which would significantly enhance CBP's ability to conduct passenger risk assessments or if circumstances indicate that a previously non-required PNR field will be needed to fulfill the limited purposes referred to in paragraph 3 of these Undertakings; 8) CBP may transfer PNRs on a bulk basis to the Transportation Security Administration (TSA) for purposes of TSA's testing of its Computer Assisted Passenger Prescreening System II (CAPPS II). Such transfers will not be made until PNR data from US domestic flights has first been authorized for testing. PNR data transferred under this provision will not be retained by TSA or any other parties directly involved in the tests beyond the period necessary for testing purposes, or be transferred to any other third party 2. The purpose of the processing is strictly limited to testing the CAPPS II system and interfaces, and, except in emergency situations involving the positive identification of a known terrorist or individual with established connections to terrorism, is not to have any operational consequences. Under the provision requiring an automated filtering method described in paragraph 10, CBP will have filtered and deleted sensitive data before transferring any PNRs to TSA on a bulk basis under this paragraph Treatment of Sensitive Data 9) CBP will not use "sensitive" data (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning the health or sex life of the individual) from the PNR, as described below; 10) CBP will implement, with the least possible delay, an automated system which filters and deletes certain "sensitive" PNR codes and terms which CBP has identified in consultation with the European Commission; 11) Until such automated filters can be implemented CBP represents that it does not and will not use "sensitive" PNR data and will undertake to delete "sensitive" data from any discretionary disclosure of PNR under paragraphs 28-34; 3 2 For purposes of this provision, CBP is not considered a party directly involved in the CAPPS II testing or a "third party." 3 Prior to CBP's implementation of automated filters (as referenced in paragraph 10 hereof), if "sensitive" data exists in a PNR which is the subject of a non-discretionary disclosure by CBP as described in 2

3 Method of Accessing PNR Data 12) With regard to the PNR data which CBP accesses (or receives) directly from the air carrier's reservation systems for purposes of identifying potential subjects for border examination, CBP personnel will only access (or receive) and use PNR data concerning persons whose travel includes a flight into or out of 4 the United States; 13) CBP will pull passenger information from air carrier reservation systems until such time as air carriers are able to implement a system to push the data to CBP; 14) CBP will pull PNR data associated with a particular flight no earlier than 72 hours prior to the departure of that flight, and will re-check the systems no more than three (3) times between the initial pull, the departure of the flight from a foreign point and the flight's arrival in the United States, or between the initial pull and the departure of the flight from the United States, as applicable, to identify any changes in the information. In the event that the air carriers obtain the ability to "push" PNR data, CBP will need to receive the data 72 hours prior to departure of the flight, provided that all changes to the PNR data which are made between that point and the time of the flight s arrival in or departure from the U.S., are also pushed to CBP. 5 In the unusual event that CBP obtains advance information that person(s) of specific concern may be travelling on a flight to, from or through the U.S., CBP may pull (or request a particular push) of PNR data prior to 72 hours before departure of the flight to ensure proper enforcement action may be taken when essential to prevent or combat an offense enumerated in paragraph 3 hereof. To the extent practicable, in such instances where PNR data must be accessed by CBP prior to 72 hours before the departure of the flight, CBP will utilize customary law enforcement channels; Storage of PNR Data 15) Subject to the approval of the National Archives and Records Administration (44 U.S.C. 2101, et seq.), CBP will limit on-line access to PNR data to authorized CBP users 6 for a period of seven (7) days, after which the number of officers authorized to access the PNR data will be even further limited for a period of three years and 6 months (3.5 years) from the date the data is accessed (or received) from the air carrier's reservation system. After 3.5 years, PNR data that has not been manually accessed during that period of time, will be destroyed. PNR data that has been manually accessed during the initial 3.5 year period will be transferred by CBP to a deleted record file, 7 paragraph 35 hereof, CBP will make every effort to limit the release of "sensitive" PNR data, consistent with U.S. law. 4 This would include persons transiting through the United States. 5 In the event that the air carriers agree to push the PNR data to CBP, the agency will engage in discussions with the air carriers regarding the possibility of pushing PNR data at periodic intervals between 72 hours before departure of the flight from a foreign point and the flight s arrival in the United States, or within 72 hours before the departure of the flight from the United States, as applicable. CBP seeks to utilize a method of pushing the necessary PNR data that meets the agency's needs for effective risk assessment, while minimizing the economic impact upon air carriers. 6 These authorized CBP users would include employees assigned to analytical units in the field offices, as well as employees assigned to the National Targeting Center. As indicated previously, persons charged with maintaining, developing or auditing the CBP database will also have access to such data for those limited purposes. 7 Although the PNR record is not technically deleted when it is transferred to the Deleted Record File, it is stored as raw data (not a readily searchable form and, therefore, of no use for "traditional" law enforcement investigations) and is only available to authorized personnel in the Office of Internal Affairs for CBP (and 3

4 where it will remain for a period of eight (8) years before it is destroyed. This schedule, however, would not apply to PNR data that is linked to a specific enforcement record (such data would remain accessible until the enforcement record is archived). With respect to PNR which CBP accesses (or receives) directly from air carrier reservation systems during the effective dates of these Undertakings, CBP will abide by the retention policies set forth in the present paragraph, notwithstanding the possible expiration of the Undertakings pursuant to paragraph 46 herein; CBP Computer System Security 16) Authorized CBP personnel obtain access to PNR through the closed CBP intranet system which is encrypted end-to-end and the connection is controlled by the Customs Data Center. PNR data stored in the CBP database is limited to "read only" access by authorized personnel, meaning that the substance of the data may be programmatically reformatted, but will not be substantively altered in any manner by CBP once accessed from an air carrier's reservation system; 17) No other foreign, federal, state or local agency has direct electronic access to PNR data through CBP databases (including through the Interagency Border Inspection System (IBIS)); 18) Details regarding access to information in CBP databases (such as who, where, when (date and time) and any revisions to the data) are automatically recorded and routinely audited by the Office of Internal Affairs to prevent unauthorized use of the system; 19) Only certain CBP officers, employees or information technology contractors 8 (under CBP supervision) who have successfully completed a background investigation, have an active, password-protected account in the CBP computer system, and have a recognized official purpose for reviewing PNR data, may access PNR data; 20) CBP officers, employees and contractors are required to complete security and data privacy training, including passage of a test, on a biennial basis. CBP system auditing is used to monitor and ensure compliance with all privacy and data security requirements; 21) Unauthorized access by CBP personnel to air carrier reservation systems or the CBP computerized system which stores PNR is subject to strict disciplinary action (which may include termination of employment) and may result in criminal sanctions being imposed (fines, imprisonment of up to one year, or both) (see title 18, United States Code, section 1030); 22) CBP policy and regulations also provide for stringent disciplinary action (which may include termination of employment) to be taken against any CBP employee who discloses information from CBP's computerized systems without official authorization (title 19, Code of Federal Regulations, section ); in some cases the Office of the Inspector General in connection with audits) and personnel responsible for maintaining the database in CBP s Office of Information Technology, on a need to know basis. 8 Access by "contractors" to any PNR data contained in the CBP computer systems would be confined to persons under contract with CBP to assist in the maintenance or development of CBP's computer system. 4

5 23) Criminal penalties (including fines, imprisonment of up to one year, or both) may be assessed against any officer or employee of the United States for disclosing PNR data obtained in the course of his employment, where such disclosure is not authorized by law (see title 18, United States Code, sections 641, 1030, 1905); CBP Treatment and Protection of PNR Data 24) CBP treats PNR information regarding persons of any nationality or country of residence as law enforcement sensitive, confidential personal information of the data subject, and confidential commercial information of the air carrier, and, therefore, would not make disclosures of such data to the public, except as in accordance with these Undertakings or as otherwise required by law; 25) Public disclosure of PNR data is generally governed by the Freedom of Information Act (FOIA) (title 5, United States Code, section 552) which permits any person (regardless of nationality or country of residence) access to a U.S. federal agency's records, except to the extent such records (or a portion thereof) are protected from public disclosure by an applicable exemption under the FOIA. Among its exemptions, the FOIA permits an agency to withhold a record (or a portion thereof) from disclosure where the information is confidential commercial information, where disclosure of the information would constitute a clearly unwarranted invasion of personal privacy, or where the information is compiled for law enforcement purposes, to the extent that disclosure may reasonably be expected to constitute an unwarranted invasion of personal privacy (title 5, United States Code, sections 552(b)(4), (6), (7)(C)); 26) CBP regulations (title 19, Code of Federal Regulations, section ), which govern the processing of requests for information (such as PNR data) pursuant to the FOIA, specifically provide that (subject to certain limited exceptions in the case of requests by the data subject) the disclosure requirements of the FOIA are not applicable to CBP records relating to: (1) confidential commercial information; (2) material involving personal privacy where the disclosure would constitute a clearly unwarranted invasion of personal privacy; and (3) information compiled for law enforcement purposes, where disclosure could reasonably be expected to constitute an unwarranted invasion of personal privacy. 9 27) CBP will take the position in connection with any administrative or judicial proceeding arising out of a FOIA request for PNR information accessed from air carriers, that such records are exempt from disclosure under the FOIA; Transfer of PNR Data to Other Government Authorities 28) With the exception of transfers between CBP and TSA pursuant to paragraph 8 herein, Department of Homeland Security (DHS) components will be treated as "third agencies", subject to the same rules and conditions for sharing of PNR data as other government authorities outside DHS; 29) CBP, in its discretion, will only provide PNR data to other government authorities, including foreign government authorities, with counter-terrorism or law enforcement functions, on a case-by-case basis, for purposes of preventing and combating offenses 9 CBP would invoke these exemptions uniformly, without regard to the nationality or country of residence of the subject of the data. 5

6 identified in paragraph 3 herein. (Authorities with whom CBP may share such data shall hereinafter be referred to as the "Designated Authorities"); 30) CBP will judiciously exercise its discretion to transfer PNR data for the stated purposes. CBP will first determine if the reason for disclosing the PNR data to another Designated Authority fits within the stated purpose (see paragraph 29 herein). If so, CBP will determine whether that Designated Authority is responsible for preventing, investigating or prosecuting the violations of, or enforcing or implementing, a statute or regulation related to that purpose, where CBP is aware of an indication of a violation or potential violation of law. The merits of disclosure will need to be reviewed in light of all the circumstances presented; 31) For purposes of regulating the dissemination of PNR data which may be shared with other Designated Authorities, CBP is considered the "owner" of the data and such Designated Authorities are obligated by the express terms of disclosure to: (1) use the PNR data only for the purposes set forth in paragraph 29 or 34 herein, as applicable; (2) ensure the orderly disposal of PNR information that has been received, consistent with the Designated Authority's record retention procedures; and (3) obtain CBP's express authorization for any further dissemination. Failure to respect the conditions for transfer may be investigated and reported by the DHS Chief Privacy Officer and may make the Designated Authority ineligible to receive subsequent transfers of PNR data from CBP; 32) Each disclosure of PNR data by CBP will be conditioned upon the receiving agency's treatment of this data as confidential commercial information and law enforcement sensitive, confidential personal information of the data subject, as identified in paragraphs 25 and 26 hereof, which should be treated as exempt from disclosure under the Freedom of Information Act (5 U.S.C. 552). Further, the recipient agency will be advised that further disclosure of such information is not permitted without the express prior approval of CBP. CBP will not authorize any further transfer of PNR data for purposes other than those identified in paragraphs 29, 34 or 35 herein; 33) Persons employed by such Designated Authorities who without appropriate authorization disclose PNR data, may be liable for criminal sanctions (title 18, United States Code, sections 641, 1030, 1905); 34) No statement herein shall impede the use or disclosure of PNR data to relevant government authorities, where such disclosure is necessary for the protection of the vital interests of the data subject or of other persons, in particular as regards significant health risks. Disclosures for these purposes will be subject to the same conditions for transfers set forth in paragraphs 31 and 32 of these Undertakings; 35) No statement in these Undertakings shall impede the use or disclosure of PNR data in any criminal judicial proceedings or as otherwise required by law. CBP will advise the European Commission regarding the passage of any U.S. legislation which materially affects the statements made in these Undertakings; Notice, Access and Opportunities for Redress for PNR Data Subjects 36) CBP will provide information to the traveling public regarding the PNR requirement and the issues associated with its use (i.e., general information regarding the authority under which the data is collected, the purpose for the collection, protection of the data, data sharing, the identity of the responsible official, procedures available for 6

7 redress and contact information for persons with questions or concerns, etc., for posting on CBP's website, in travel pamphlets, etc.); 37) Requests by the data subject (also known as "first party requesters") to receive a copy of PNR data contained in CBP databases regarding the data subject are processed under the Freedom of Information Act (FOIA). Such requests may be addressed to: Freedom of Information Act (FOIA) Request, U.S. Customs and Border Protection, 1300 Pennsylvania Avenue, N.W., Washington, D.C , if by mail; or such request may be delivered to the Disclosure Law Officer, U.S. Customs and Border Protection, Headquarters, Washington, D.C. For further information regarding the procedures for making FOIA requests are contained in section of title 19 of the U.S. Code of Federal Regulations. In the case of a first-party request, the fact that CBP otherwise considers PNR data to be confidential personal information of the data subject and confidential commercial information of the air carrier will not be used by CBP as a basis under FOIA for withholding PNR data from the data subject; 38) In certain exceptional circumstances, CBP may exercise its authority under FOIA to deny or postpone disclosure of all (or, more likely, part) of the PNR record to a first party requester, pursuant to title 5, United States Code, section 552(b) (e.g., if disclosure under FOIA "could reasonably be expected to interfere with enforcement proceedings" or "would disclose techniques and procedures for law enforcement investigations...[which] could reasonably be expected to risk circumvention of the law ). Under FOIA, any requester has the authority to administratively and judicially challenge CBP's decision to withhold information (see 5 U.S.C. 552(a)(4)(B); 19 CFR ); 39) CBP will undertake to rectify 10 data at the request of passengers and crewmembers, air carriers or Data Protection Authorities (DPAs) in the EU Member States (to the extent specifically authorized by the data subject), where CBP determines that such data is contained in its database and a correction is justified and properly supported. CBP will inform any Designated Authority which has received such PNR data of any material rectification of that PNR data; 40) Requests for rectification of PNR data contained in CBP's database and complaints by individuals about CBP's handling of their PNR data may be made, either directly or via the relevant DPA (to the extent specifically authorized by the data subject) to the Assistant Commissioner, Office of Field Operations, U.S. Bureau of Customs and Border Protection, 1300 Pennsylvania Avenue, N.W., Washington, D.C ; 41) In the event that a complaint cannot be resolved by CBP, the complaint may be directed, in writing, to the Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528, who will review the situation and endeavor to resolve the complaint; By "rectify", CBP wishes to make clear that it will not be authorized to revise the data within the PNR record that it accesses from the air carriers. Rather, a separate record linked to the PNR record will be created to note that the data was determined to be inaccurate and the proper correction. Specifically, CBP will annotate the passenger s secondary examination record to reflect that certain data in the PNR may be or is inaccurate. 11 The DHS Chief Privacy Officer is independent of any directorate within the Department of Homeland Security. She is statutorily obligated to ensure that personal information is used in a manner than complies with relevant laws (see footnote 13). The determinations of the Chief Privacy Officer shall be binding on the Department and may not be overturned on political grounds. 7

8 42) Additionally, the DHS Privacy Office will address on an expedited basis complaints referred to it by DPAs in the European Union (EU) Member States on behalf of an EU resident to the extent such resident has authorized the DPA to act on his or her behalf and believes that his or her data protection complaint regarding PNR has not been satisfactorily dealt with by CBP (as set out in paragraphs of these Undertakings) or the DHS Privacy Office. The Privacy Office will report its conclusions and advise the DPA or DPAs concerned regarding actions taken, if any. The DHS Chief Privacy Officer will include in her report to Congress issues regarding the number, the substance and the resolution of complaints regarding the handling of personal data, such as PNR; 12 Compliance Issues 43) CBP, in conjunction with DHS, undertakes to conduct once a year, or more often if agreed by the parties, a joint review with the European Commission assisted as appropriate by representatives of European law enforcement authorities and/or authorities of the Member States of the European Union, 13 on the implementation of these Undertakings, with a view to mutually contributing to the effective operation of the processes described in these Undertakings; 44) CBP will issue regulations, directives or other policy documents incorporating the statements herein, to ensure compliance with these Undertakings by CBP officers, employees and contractors. As indicated herein, failure of CBP officers, employees and contractors to abide by CBP s policies incorporated therein may result in strict disciplinary measures being taken, and criminal sanctions, as applicable; Reciprocity 45) In the event that an airline passenger identification system is implemented in the European Union which requires air carriers to provide authorities with access to PNR data for persons whose current travel itinerary includes a flight to or from the European Union, CBP shall, strictly on the basis of reciprocity, encourage U.S.-based airlines to cooperate; 12 Pursuant to section 222 of the Homeland Security Act of 2002 (the "Act") (Public Law , dated November 25, 2002), the Privacy Officer for DHS is charged with conducting a "privacy impact assessment" of proposed rules of the Department on "on the privacy of personal information, including the type of personal information collected and the number of people affected" and must report to Congress on an annual basis regarding the "activities of the Department that affect privacy..." Section 222(5) of the Act also expressly directs the DHS Privacy Officer to hear and report to Congress regarding all "complaints of privacy violations." 13 The composition of the teams on both sides will be notified to each other in advance and may include appropriate authorities concerned with privacy/data protection, customs control and other forms of law enforcement, border security and/or aviation security. Participating authorities will be required to obtain any necessary security clearances and will adhere to the confidentiality of the discussions and documentation to which they may be given access. Confidentiality will not however be an obstacle to each side making an appropriate report on the results of the joint review to their respective competent authorities, including the US Congress and the European Parliament. However, under no circumstances may participating authorities disclose any personal data of a data subject; nor may participating authorities disclose any non-public information derived from documents to which they are given access, or any operational or internal agency information they obtain during the joint review. The two sides will mutually determine the detailed modalities of the joint review. 8

9 Review and Termination of Undertakings 46) These Undertakings shall apply for a term of three years and six months (3.5 years), beginning on the date upon which an agreement enters into force between the United States and the European Community, authorizing the processing of PNR data by air carriers for purposes of transferring such data to CBP, in accordance with the Directive. After these Undertakings have been in effect for two years and six months (2.5 years), CBP, in conjunction with DHS, will initiate discussions with the Commission with the goal of extending the Undertakings and any supporting arrangements, upon mutually acceptable terms. If no mutually acceptable arrangement can be concluded prior to the expiration date of these Undertakings, the Undertakings will cease to be in effect; No Private Right or Precedent Created 47) These Undertakings do not create or confer any right or benefit on any person or party, private or public. 48) The provisions of these Undertakings shall not constitute a precedent for any future discussions with the European Commission, the European Union, any related entity, or any third State regarding the transfer of any form of data. May 11,

10 Attachment "A" PNR Data Elements Required by CBP from Air Carriers 1. PNR record locator code 2. Date of reservation 3. Date(s) of intended travel 4. Name 5. Other names on PNR 6. Address 7. All forms of payment information 8. Billing address 9. Contact telephone numbers 10. All travel itinerary for specific PNR 11. Frequent flyer information (limited to miles flown and address(es)) 12. Travel agency 13. Travel agent 14. Code share PNR information 15. Travel status of passenger 16. Split/Divided PNR information 17. address 18. Ticketing field information 19. General remarks 20. Ticket number 21. Seat number 22. Date of ticket issuance 23. No show history 24. Bag tag numbers 25. Go show information 26. OSI information 27. SSI/SSR information 28. Received from information 29. All historical changes to the PNR 30. Number of travelers on PNR 31. Seat information 32. One-way tickets 33. Any collected APIS information 34. ATFQ fields 10

b. Other serious crimes, including organized crime, that are transnational in nature; and

b. Other serious crimes, including organized crime, that are transnational in nature; and Frequently Asked Questions Regarding Customs and Border Protection Receipt of Passenger Name Records Related to Flights between the European Union and the United States United States law requires airlines

More information

UNDERTAKINGS OF THE UNITED STATES BUREAU OF CUSTOMS AND BORDER PROTECTION AND THE UNITED STATES TRANSPORTATION SECURITY ADMINISTRATION

UNDERTAKINGS OF THE UNITED STATES BUREAU OF CUSTOMS AND BORDER PROTECTION AND THE UNITED STATES TRANSPORTATION SECURITY ADMINISTRATION UNDERTAKINGS OF THE UNITED STATES BUREAU OF CUSTOMS AND BORDER PROTECTION AND THE UNITED STATES TRANSPORTATION SECURITY ADMINISTRATION In support of the plan of the European Commission (EC) to exercise

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

MS 893: Freedom of Information Act Administration

MS 893: Freedom of Information Act Administration MS 893: Freedom of Information Act Administration Effective Date: September 30, 2004 Supersedes: 5/1/88; 10/18/84 Responsible Office: Management 1.0 Background The Peace Corps' policies with respect to

More information

Privacy Act of 1974; Department of Homeland Security/United States Coast Guard 029. AGENCY: Department of Homeland Security, Privacy Office.

Privacy Act of 1974; Department of Homeland Security/United States Coast Guard 029. AGENCY: Department of Homeland Security, Privacy Office. This document is scheduled to be published in the Federal Register on 10/31/2014 and available online at http://federalregister.gov/a/2014-25905, and on FDsys.gov 9110-04 DEPARTMENT OF HOMELAND SECURITY

More information

Chapter 2.82 - RECORDS MANAGEMENT Sections:

Chapter 2.82 - RECORDS MANAGEMENT Sections: Chapter 82 - RECORDS MANAGEMENT Sections: 8010 - Government records findings Recognition of public policy. The council of Salt Lake County finds the following: A. It is in the best interests of Salt Lake

More information

Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border

Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border BILLING CODE: 4410-10 DEPARTMENT OF HOMELAND SECURITY Office of the Secretary DHS-2008-0052 Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border Protection Electronic System for

More information

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007 Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting

More information

28042 Federal Register / Vol. 75, No. 96 / Wednesday, May 19, 2010 / Notices

28042 Federal Register / Vol. 75, No. 96 / Wednesday, May 19, 2010 / Notices 28042 Federal Register / Vol. 75, No. 96 / Wednesday, May 19, 2010 / Notices the records are part of an on-going investigation in which case they may be retained until completion of the investigation.

More information

Privacy Act of 1974: System of Records; Secure Flight Test Records. AGENCY: Transportation Security Administration (TSA), Department of Homeland

Privacy Act of 1974: System of Records; Secure Flight Test Records. AGENCY: Transportation Security Administration (TSA), Department of Homeland [4910-62-P] DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2004-19160] Privacy Act of 1974: System of Records; Secure Flight Test Records AGENCY: Transportation

More information

Privacy Act of 1974; Department of Homeland Security/United States Coast Guard-015. AGENCY: Privacy Office, Department of Homeland Security.

Privacy Act of 1974; Department of Homeland Security/United States Coast Guard-015. AGENCY: Privacy Office, Department of Homeland Security. This document is scheduled to be published in the Federal Register on 07/14/2016 and available online at http://federalregister.gov/a/2016-16598, and on FDsys.gov 9110-04 DEPARTMENT OF HOMELAND SECURITY

More information

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

The United States Federal Trade Commission (FTC) and the Office of the Data Protection Commissioner of Ireland (collectively, the Participants), MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE OFFICE OF THE DATA PROTECTION COMMISSIONER OF IRELAND ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL

More information

2.82.010 Government records findings--recognition of public policy.

2.82.010 Government records findings--recognition of public policy. Chapter 2.82 RECORDS MANAGEMENT 2.82.010 Government records findings--recognition of public policy. The council of Salt Lake County finds the following: A. It is in the best interests of Salt Lake County

More information

Privacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems

Privacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems Privacy Impact Assessment Of the Office of Inspector General Information Technology Infrastructure Systems Program or application name: Office of Inspector General Information Technology Infrastructure

More information

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 8 December 2011 (OR. en) 17434/11 Interinstitutional File: 2011/0382 (NLE)

COUNCIL OF THE EUROPEAN UNION. Brussels, 8 December 2011 (OR. en) 17434/11 Interinstitutional File: 2011/0382 (NLE) COUNCIL OF THE EUROPEAN UNION Brussels, 8 December 2011 (OR. en) 17434/11 Interinstitutional File: 2011/0382 (NLE) JAI 862 USA 85 RELEX 1234 DATAPROTECT 139 LEGISLATIVE ACTS AND OTHER INSTRUMENTS Subject:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 The City of Philadelphia is a Covered Entity as defined in the regulations

More information

TABLE OF CONTENTS. Maintaining the Quality and Integrity of Information. Notification of an Information Security Incident

TABLE OF CONTENTS. Maintaining the Quality and Integrity of Information. Notification of an Information Security Incident AGREEMENT BETWEEN THE UNITED STATES OF AMERICA AND THE EUROPEAN UNION ON THE PROTECTION OF PERSONAL INFORMATION RELATING TO THE PREVENTION, INVESTIGATION, DETECTION, AND PROSECUTION OF CRIMINAL OFFENSES

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

211 CMR: DIVISION OF INSURANCE 211 CMR 142.00: INSURANCE SALES BY BANKS AND CREDIT UNIONS

211 CMR: DIVISION OF INSURANCE 211 CMR 142.00: INSURANCE SALES BY BANKS AND CREDIT UNIONS 211 CMR 142.00: INSURANCE SALES BY BANKS AND CREDIT UNIONS Section 142.01: Scope and Purpose 142.02: Applicability 142.03: Definitions 142.04: Licensing 142.05: Consumer Protection Terms and Conditions

More information

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person. PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically

More information

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL AND THE PARLIAMENT. Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach EN 1 EN

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL AND THE PARLIAMENT. Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach EN 1 EN COMMUNICATION FROM THE COMMISSION TO THE COUNCIL AND THE PARLIAMENT Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach EN 1 EN TABLE OF CONTENTS 1. Introduction and Background... 3

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

PREAMBLE. THE GOVERNMENT OF THE UNITED STATES OF AMERICA and THE GOVERNMENT OF CANADA (hereinafter "the Parties");

PREAMBLE. THE GOVERNMENT OF THE UNITED STATES OF AMERICA and THE GOVERNMENT OF CANADA (hereinafter the Parties); FRAMEWORK AGREEMENT ON INTEGRATED CROSS-BORDER MARITIME LAW ENFORCEMENT OPERATIONS BETWEEN THE GOVERNMENT OF THE UNITED STATES OF AMERICA AND THE GOVERNMENT OF CANADA PREAMBLE THE GOVERNMENT OF THE UNITED

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

E-Travel Initiative Electronic Data Systems (EDS) FedTraveler.com

E-Travel Initiative Electronic Data Systems (EDS) FedTraveler.com PRIVACY IMPACT ASSESSMENT E-Travel Initiative Electronic Data Systems (EDS) FedTraveler.com August 20, 2007 Prepared by: GSA Office of Governmentwide Policy (OGP) E-Travel Program (MO) 1800 F Street NW

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

HIPAA Employee Training Guide. Revision Date: April 11, 2015

HIPAA Employee Training Guide. Revision Date: April 11, 2015 HIPAA Employee Training Guide Revision Date: April 11, 2015 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (also known as Kennedy- Kassebaum Act ). HIPAA regulations address

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

Crew Member Self Defense Training (CMSDT) Program

Crew Member Self Defense Training (CMSDT) Program for the Crew Member Self Defense Training (CMSDT) Program February 6, 2008 Contact Point Michael Rigney Federal Air Marshal Service Flight Programs Division Michael.Rigney@dhs.gov Reviewing Officials Peter

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT

UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT ATTORNEY GENERAL OF THE : STATE OF CONNECTICUT, and : STATE OF CONNECTICUT : Plaintiffs, : : v. : Civ. No. : HEALTH NET OF THE NORTHEAST, INC., : HEALTH

More information

United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT)

United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) for the Conversion to 10-Fingerprint Collection for the United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) November 15, 2007 Contact Point Barbara M. Harrison, Acting Privacy

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

SUMMARY: The Office of the Secretary of Defense proposes to. alter a system of records notice DPFPA 02, entitled Pentagon

SUMMARY: The Office of the Secretary of Defense proposes to. alter a system of records notice DPFPA 02, entitled Pentagon This document is scheduled to be published in the Federal Register on 02/11/2016 and available online at http://federalregister.gov/a/2016-02788, and on FDsys.gov Billing Code: 5001-06 DEPARTMENT OF DEFENSE

More information

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION. H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.

More information

University of Liverpool Online Programmes - Privacy Policy for Visitors and Students

University of Liverpool Online Programmes - Privacy Policy for Visitors and Students University of Liverpool Online Programmes - Privacy Policy for Visitors and Students PLEASE NOTE: The following privacy terms relate to the University of Liverpool s online programmes and not The University

More information

AIRSPACE WAIVERS AND FLIGHT AUTHORIZATIONS FOR CERTAIN AVIATION OPERATIONS (INCLUDING DCA) (Amended)

AIRSPACE WAIVERS AND FLIGHT AUTHORIZATIONS FOR CERTAIN AVIATION OPERATIONS (INCLUDING DCA) (Amended) for the AIRSPACE WAIVERS AND FLIGHT AUTHORIZATIONS FOR CERTAIN AVIATION OPERATIONS (INCLUDING DCA) (Amended) Contact Point Lisa S. Dean Privacy Officer Transportation Security Administration (571) 227-3947

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

Personal Data Act (1998:204);

Personal Data Act (1998:204); Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

More information

Senate Bill No. 38 Committee on Transportation and Homeland Security

Senate Bill No. 38 Committee on Transportation and Homeland Security Senate Bill No. 38 Committee on Transportation and Homeland Security CHAPTER... AN ACT relating to criminal records; creating the Records and Technology Division of the Department of Public Safety; enumerating

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

Please read and execute the attached Los Angeles World Airports (LAWA) Non-Disclosure Agreement (NDA).

Please read and execute the attached Los Angeles World Airports (LAWA) Non-Disclosure Agreement (NDA). INSTRUCTIONS FOR COMPLETING THE LOS ANGELES WORLD AIRPORTS NON-DISCLOSURE AGREEMENT Please read and execute the attached Los Angeles World Airports (LAWA) Non-Disclosure Agreement (NDA). The LAWA NDA must

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

MUTUAL LEGAL ASSISTANCE

MUTUAL LEGAL ASSISTANCE TREATIES AND OTHER INTERNATIONAL ACTS SERIES 13046 MUTUAL LEGAL ASSISTANCE Treaty Between the UNITED STATES OF AMERICA and the RUSSIAN FEDERATION Signed at Moscow June 17, 1999 with Related Notes NOTE

More information

Right to Financial Privacy Act

Right to Financial Privacy Act Background The Right to Financial Privacy Act of 1978 was enacted to provide the financial records of financial institution customers a reasonable amount of privacy from federal government scrutiny. The

More information

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development 7.0 Information Security Protections The aggregation and analysis of large collections of data and the development of interconnected information systems designed to facilitate information sharing is revolutionizing

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS

ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS Mr. Ryutaro Hatanaka Commissioner Financial Services Agency Government of Japan 3-2-1 Kasumigaseki Chiyoda-ku, Tokyo Japan 100-8967 Dr. Kunio Chiyoda Chairman Certified Public Accountants and Auditing

More information

RECOGNIZING that the Participants each have functions and duties with respect to the protection of personal information in their respective countries;

RECOGNIZING that the Participants each have functions and duties with respect to the protection of personal information in their respective countries; MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE INFORMATION COMMISSIONER S OFFICE OF THE UNITED KINGDOM ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING

More information

Privacy Policy. February, 2015 Page: 1

Privacy Policy. February, 2015 Page: 1 February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

Public Act No. 15-162

Public Act No. 15-162 Public Act No. 15-162 AN ACT CONCERNING A STUDENT LOAN BILL OF RIGHTS. Be it enacted by the Senate and House of Representatives in General Assembly convened: Section 1. (NEW) (Effective October 1, 2015)

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

US-VISIT Program, Increment 1 Privacy Impact Assessment

US-VISIT Program, Increment 1 Privacy Impact Assessment US-VISIT Program, Increment 1 Privacy Impact Assessment December 18, 2003 Contact Point Steve Yonkers US-VISIT Privacy Officer Department of Homeland Security (202) 298-5200 Reviewing Official Nuala O

More information

PRIVACY ACT COMPLIANCE

PRIVACY ACT COMPLIANCE Department of Homeland Security Management Directive System MD Number: 0470.1 PRIVACY ACT COMPLIANCE 1. Purpose This directive establishes the Department of Homeland Security (DHS) policy for Privacy Act

More information

FedRAMP Package Access Request Form For Review of FedRAMP Security Package

FedRAMP Package Access Request Form For Review of FedRAMP Security Package FedRAMP Package Access Request Form For Review of FedRAMP Security Package INSTRUCTIONS: 1. Please complete this form, then print and sign. 2. Distribute to your Government Supervisor for review and signature.

More information

FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION

FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION v 1.3 Supersedes: v 1.2 Summary Owner: Corporate

More information

SUITE SOLUTIONS MEMBERSHIP GUIDELINES Clients using EZ-Filing Inc. Software

SUITE SOLUTIONS MEMBERSHIP GUIDELINES Clients using EZ-Filing Inc. Software SUITE SOLUTIONS MEMBERSHIP GUIDELINES Clients using EZ-Filing Inc. Software The following procedures are needed to establish your account in order to download three bureau credit reports into your bankruptcy

More information

ATLANTIS CHIROPRACTIC, INC.

ATLANTIS CHIROPRACTIC, INC. ATLANTIS CHIROPRACTIC, INC. NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THAT INFORMATION PLEASE REVIEW THIS

More information

ADDRESSES SYSTEM LOCATION

ADDRESSES SYSTEM LOCATION Volume 80, Number 28 Wednesday, February 11, 2015 Public Notice 9034; Pages 7671 Privacy Act; System of Records: Medical Records, State-24 SUMMARY: Notice is hereby given that the Department of State proposes

More information

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015 RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE EFFECTIVE AS OF: August 12, 2015 This Notice sets forth the principles followed by RPM International Inc.,

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 5400.11 October 29, 2014 DCMO SUBJECT: DoD Privacy Program References: See Enclosure 1 1. PURPOSE. This directive: a. Reissues DoD Directive (DoDD) 5400.11 (Reference

More information

Page 1 of 10. Before the PRIVACY OFFICE DEPARTMENT OF HOMELAND SECURITY. Washington, DC ) ) ) ) ) ) ) ) )

Page 1 of 10. Before the PRIVACY OFFICE DEPARTMENT OF HOMELAND SECURITY. Washington, DC ) ) ) ) ) ) ) ) ) Page 1 of 10 Before the PRIVACY OFFICE DEPARTMENT OF HOMELAND SECURITY Washington, DC 20528 Privacy Act of 1974, System of Records Notice (SORN, DHS/CBP 006, Automated Targeting System (ATS DHS-2006-0060

More information

POLICY & PROCEDURES EMERGENCY ASSISTANCE FROM NON-MUNICIPAL AMBULANCE SERVICES PURPOSE

POLICY & PROCEDURES EMERGENCY ASSISTANCE FROM NON-MUNICIPAL AMBULANCE SERVICES PURPOSE POLICY & PROCEDURES EMERGENCY ASSISTANCE FROM NON-MUNICIPAL AMBULANCE SERVICES PURPOSE This document describes the required capabilities for providers of Non-municipal Ambulance Services, the process for

More information

DATA PROTECTION CORPORATE POLICY

DATA PROTECTION CORPORATE POLICY DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City

More information

1.02 Authorized Recipient means an entity authorized by statute to receive background check information for noncriminal justice purposes.

1.02 Authorized Recipient means an entity authorized by statute to receive background check information for noncriminal justice purposes. SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD The goal of this document is to provide adequate security and integrity for background check information while under the control or management of an

More information

DELEGATION AGREEMENT

DELEGATION AGREEMENT DELEGATION AGREEMENT This DELEGATION AGREEMENT, (the Agreement ), is by and among New York Stock Exchange LLC, a New York limited liability company, NYSE Regulation, Inc., a New York Type A not-for-profit

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

Inteum EU or Switzerland Safe Harbor Policy

Inteum EU or Switzerland Safe Harbor Policy Inteum EU or Switzerland Safe Harbor Policy EU or Switzerland Safe Harbor Policy Inteum (hereinafter the "Company") respects individual privacy and values the confidence of their customers, employees,

More information

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?

More information

Background Check Service

Background Check Service for the Background Check Service Contact Point Elizabeth Gaffin USCIS Privacy Officer United States Citizenship and Immigration Services 202-272-1400 Reviewing Official Hugo Teufel III Chief Privacy Officer

More information

REMEDY Enterprise Services Management System

REMEDY Enterprise Services Management System for the Enterprise Services Management System April 28, 2016 Contact Point Marshall Nolan Border Enforcement and Management Systems Division Office of Information Technology U.S. Customs & Border Protection

More information

Department of Homeland Security Management Directives System MD Number: 4500.1 Issue Date: 03/01/2003 DHS E-MAIL USAGE

Department of Homeland Security Management Directives System MD Number: 4500.1 Issue Date: 03/01/2003 DHS E-MAIL USAGE Department of Homeland Security Management Directives System MD Number: 4500.1 Issue Date: 03/01/2003 DHS E-MAIL USAGE I. Purpose This directive establishes Department of Homeland Security (DHS) policy

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES DeLand Chiropractic and Spinal Decompression NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THAT INFORMATION

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( Agreement ) dated as of the signature below, (the Effective Date ), is entered into by and between the signing organization

More information

CYBERCRIME LAWS OF THE UNITED STATES

CYBERCRIME LAWS OF THE UNITED STATES CYBERCRIME LAWS OF THE UNITED STATES United States Code, Title 18, Chapter 121 STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS 2701. Unlawful access to stored communications

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

Screening of Passengers by Observation Techniques (SPOT) Program

Screening of Passengers by Observation Techniques (SPOT) Program for the Screening of Passengers by Observation Techniques (SPOT) Program August 5, 2008 Contact Point Michael Kimlick, Branch Chief, Behavior Detection and Travel Document Validation Branch, Screening

More information

Department of Justice Policy Guidance 1 Domestic Use of Unmanned Aircraft Systems (UAS)

Department of Justice Policy Guidance 1 Domestic Use of Unmanned Aircraft Systems (UAS) Department of Justice Policy Guidance 1 Domestic Use of Unmanned Aircraft Systems (UAS) INTRODUCTION The law enforcement agencies of the Department of Justice ("the Department") work diligently to protect

More information

SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD For NON-CHANNELERS

SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD For NON-CHANNELERS SHP-570A 1/14 SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD For NON-CHANNELERS The goal of this document is to provide adequate security and integrity for criminal history record information (CHRI)

More information

Data Protection Policy

Data Protection Policy London Borough of Enfield Data Protection Policy Author Mohi Nowaz Classification UNCLASSIFIED Date of First Issue 10/08/2012 Owner IGB Issue Status DRAFT Date of Latest Re-Issue 12/09/2012 Version 0.6

More information

RESPONDING TO SUBPOENAS AND REQUESTS FOR EXPERT WITNESS SERVICES. I. Purpose 1. II. Scope

RESPONDING TO SUBPOENAS AND REQUESTS FOR EXPERT WITNESS SERVICES. I. Purpose 1. II. Scope SMITHSONIAN DIRECTIVE 113, July 24, 2012 RESPONDING TO SUBPOENAS AND REQUESTS FOR EXPERT WITNESS SERVICES I. Purpose 1 II. Scope 1 III. Roles and Responsibilities 3 IV. Policy 4 V. Definitions 5 5 I. Purpose

More information

Family Educational Rights Privacy (FERPA) Act

Family Educational Rights Privacy (FERPA) Act F l o r i d a H o u s e o f R e p r e s e n t a t i v e s Family Educational Rights Privacy (FERPA) Act EDUCATION FACT SHEET 2010-11 What is the Family Educational Rights Privacy Act? The Family Educational

More information

UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION

UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION ) In the Matter of ) FILE NO. ) ACRAnet, INC., ) AGREEMENT CONTAINING a corporation. ) CONSENT ORDER ) ) The Federal Trade Commission ( Commission ) has

More information

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006) CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006) WHAT IS THE PURPOSE OF RECORDS MANAGEMENT? 1. To implement a cost-effective Department-wide program that provides for adequate and proper documentation

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY

More information

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY I. ELECTRONIC COMMUNICATION A. PURPOSE To better serve our citizens and give our workforce the best tools to do their jobs, the Common Council of the

More information